CLAIMS

What is claimed is: 

1. A system for establishing a secure execution environment for a software process executed by a program operating on a computer, comprising:

a software process operating on a computer, said software process including a plurality of attributes;

an operating system kernel in communication with said software process and in communication with an executable file to be accessed by said software process; and

a system call trap associated with said operating system kernel, said system call trap configured to assign a selected plurality of said attributes to said software process, said selected plurality of attributes stored in association with said executable file.

2. The system of claim 1, wherein said system call trap further comprises:

a process attribute extension; and

an access token extension associated with said process attribute extension, said access token extension including said selected plurality of attributes.

3. The system of claim 1, wherein said selected plurality of attributes are contained in a database associated with said executable file.

4. The system of claim 1, wherein said selected plurality of attributes are chosen from the group consisting of user ID, group IDs and privileges.

5. The system of claim 1, wherein said execution environment isolates said software process from any other software process operating on said computer.

6. The system of claim 1, wherein said software process is a web server process.

7. The system of claim 1, wherein said software process is a file transfer process.

8. The system of claim 1, wherein said software process is a mail server process.

9. The system of claim 1, wherein said selected plurality of attributes are
associated to said software process upon execution of said software process.

10. The system of claim 1, wherein said selected plurality of attributes
replaces any existing attributes associated with said software process.

11. A method for establishing a secure execution environment for a
software process executed by a program operating on a computer, the method
comprising the steps of:

operating a software process on a computer, said software process including a
plurality of attributes;

executing an operating system kernel in communication with said software 
process, said operating system kernel in communication with an executable file to be 
accessed by said software process; and 

assigning a selected plurality of said attributes to said software process, said
selected plurality of attributes stored in association with said executable file.

12. The method of claim 11, further comprising the steps of:

executing a process attribute extension; and

executing an access token extension associated with said process attribute
extension, said access token extension including said selected plurality of attributes.

13. The method of claim 11, wherein said selected plurality of attributes
are contained in a database associated with said executable file. 

14. The method of claim 11, wherein said selected plurality of attributes 
are chosen from the group consisting of user ID, group IDs and privileges. 



15. The method of claim 11, wherein said execution environment isolates
said software process from any other software process operating on said computer.

16. The method of claim 11, wherein said software process is a web server
process.

17. The method of claim 11, wherein said software process is a file transfer
process.

18. The method of claim 11, wherein said software process is a mail server
process.

19. The method of claim 11, wherein said selected plurality of attributes
are associated to said software process upon execution of said software process.



20. The method of claim 11, wherein said selected plurality of attributes
replaces any existing attributes associated with said software process.

21. A computer readable medium having a program for establishing a
secure execution environment for a software process executed by a program operating
on a computer, the program including logic for performing the steps of:

operating a software process on a computer, said software process including a
plurality of attributes;

executing an operating system kernel in communication with said software 
process, said operating system kernel in communication with an executable file to be 
accessed by said software process; and 

assigning a selected plurality of said attributes to said software process, said
selected plurality of attributes stored in association with said executable file.

22. The program of claim 21, further comprising logic for performing the
steps of:

executing a process attribute extension; and

executing an access token extension associated with said process attribute
extension, said access token extension including said selected plurality of attributes.

23. The program of claim 21, wherein said selected plurality of attributes
are contained in a database associated with said executable file.

24. The program of claim 21, wherein said selected plurality of attributes
are chosen from the group consisting of user ID, group IDs and privileges.

25. The program of claim 21, wherein said execution environment isolates
said software process from any other software process operating on said computer.



26. The program of claim 21, wherein said software process is a web
server process.

27. The program of claim 21, wherein said software process is a file
transfer process.

28. The program of claim 21, wherein said software process is a mail
server process.

29. The program of claim 21, wherein said selected plurality of attributes
are associated to said software process upon execution of said software process.

30. The program of claim 21, wherein said selected plurality of attributes
replaces any existing attributes associated with said software process.